The NAT/Firewall Problem! And the benefits of our cure… Prepared for:Summer VON Europe 2003 SIP Forum By: Karl Erik Ståhl President Intertex Data AB Chairman.

Presentation transcript:

The NAT/Firewall Problem! And the benefits of our cure…
Prepared for: Summer VON Europe 2003, SIP Forum
By: Karl Erik Ståhl, President Intertex Data AB, Chairman Ingate Systems AB
© 2003 Intertex Data AB

Everyone has a connection
What is the Problem?? SIP is the Protocol for IP Communication Person to Person, BUT IT DOES NOT REACH THE EDGE! SIP does not traverse common NATs and Firewalls! And they are still being installed…
[Diagram labels: IP Phone, PSTN, SIP/PSTN Gateway, SOHO LAN, Business LAN, SIP Server, IAP, XP, PIM, DSL, Cable, MTU, Operator network with NAT, NAT, Firewall; callout: Firewall/NAT problems!]

© 2003 Ingate Systems AB © 2003 Intertex Data AB
What is the difference?
- Typical Internet protocol (SMTP, HTTP…) [Diagram labels: HOST, Internet, SERVER]
- SIP (and H.323…) connects person to person [Diagram labels: PERSON, Internet, PERSON]
Locate the person - Set up a session - Open real time media streams

SIP Firewall Problems
Firewall Problems (even with public IP addresses inside):
- Sessions initiated from outside the firewall - OK, open port 5060, but…
- Media streams on dynamically allocated port numbers - Ooops…!

SIP NAT/PAT Problems
NAT & PAT Problems (worse with private IP addresses inside):
- Where is the device? - Registration/location function
- Private IP addresses and ports in SIP messages - Rewrite with globally routable addresses
- IP address and port of media stream has to be modified - NAT engine has to be dynamically controlled
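An added example (not from the slides) of the rewriting that the firewall and NAT/PAT problem slides above call for: the private address in Contact and in the SDP is replaced with a routable one, and each dynamically negotiated media port yields exactly one pinhole for the NAT engine to open. The INVITE, the addresses, public port 40000 and the helper name `rewrite_for_nat` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample INVITE from a phone on a private LAN (not from the slides).
SDP = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)
INVITE = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:alice@example.com>;tag=1928301774\r\n"
    "To: <sip:bob@example.org>\r\n"
    "Call-ID: a84b4c76e66710@192.168.1.10\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Contact: <sip:alice@192.168.1.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    f"Content-Length: {len(SDP)}\r\n"
    "\r\n" + SDP
)


def rewrite_for_nat(message, public_ip, media_ports, sip_port=5060):
    """Hypothetical helper: return (rewritten message, media pinholes)."""
    head, body = message.split("\r\n\r\n", 1)
    conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    if not conn or not ipaddress.ip_address(conn.group(1)).is_private:
        return message, []          # nothing unroutable to fix
    private_ip, ports, pinholes = conn.group(1), iter(media_ports), []

    def map_media(m):
        # One pinhole per m= line: public port -> (private host, private port).
        public_port = next(ports)
        pinholes.append((public_port, private_ip, int(m.group(2))))
        return f"m={m.group(1)} {public_port} "

    body = re.sub(r"^m=(\w+) (\d+) ", map_media, body, flags=re.M)
    body = body.replace(f"IN IP4 {private_ip}", f"IN IP4 {public_ip}")
    # Contact must be reachable from outside; Via and Call-ID are left as sent.
    head = re.sub(r"^(Contact: <sip:[^@>]+@)[^>;]+",
                  rf"\g<1>{public_ip}:{sip_port}", head, flags=re.M)
    # The body length changed, so Content-Length has to be recomputed.
    head = re.sub(r"^Content-Length: \d+", f"Content-Length: {len(body)}",
                  head, flags=re.M)
    return head + "\r\n\r\n" + body, pinholes
```

The returned pinhole list is what the firewall engine needs: a single public port forwarded to the negotiated private host and port for the life of the call, instead of a statically opened port range.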

Suggested Solutions
- Dynamically controlled Firewall/NATs
  - Midcom: By Firewall Control Proxy
  - UPnP: By the client (Windows)
- SIP aware Firewall/NATs (SIP Proxy + Registrar)
  - General, handles complex scenarios [Intertex (SOHO), Ingate (enterprise), …]
- SIP aware Firewall/NATs (SIP ALG – non Proxy)
  - TLS not possible
- STUN - Can cope with certain types of existing NATs
  - SIP clients need to get STUN into their SIP stacks
  - Requires STUN servers on the net
- Tunnelling - Brings the SIP-client to an operator or a corporate LAN
  - Requires ALG for each client on LAN with own address space
  - IPSec, Proprietary

Real and Complex Scenarios
Complications:
- Tight firewalls?
- Call transfer?
- SIP server on the LAN?
- Trusted connections, TLS?
Sooner or later: The NAT/Firewall problem needs to be solved where it occurs!
[Diagram labels: Internet, SIP/PSTN Gateway, XP, SIP Server 2, SIP Server 3, SIP Server 4, LAN, Firewall/NAT, IP Phone, SIP, TLS]

Adding General SIP Traversal to a Firewall
Important components:
- Firewall & NAT: Dynamic Firewall Engine
- SIP Proxy: SIP Proxy Server, controlling the firewall
- User Location: SIP Registrar, user location information
- Firewall Control Protocol: Communication between SIP Proxy and firewall
What have you got? In the Ingate and Intertex products: You got a SIP server! Use it just for firewall traversal AND/OR as your
- SIP Server
- Outbound proxy
- Inbound proxy

SIP Enabling the Private Networks
Firewall/NAT problems! Firewall/NAT SIP transparency!
[Diagram labels: Office or home LAN, IP Phone, SIP Server, PSTN, SIP/PSTN Gateway, Operator network with NAT, Internet, NAT, Firewall, Enterprise LAN, DSL, Cable, MTU, DMZ, inGate SIParator, inGate Firewall, IX66, IAP]

Just Another Internet Service…
[Diagram labels: Internet, PSTN, SIP/PSTN Gateway, DNS SRV, DMZ, inGate SIParator, XP, Ingate Linköping LAN, IX66, Intertex Stockholm LAN, Sweden, FWD, Booth #3, USA, Home Office Users, SOHO LAN, London, Booth #1, Enterprise LAN, inGate Firewall, Booth #2]

IP Communications Using IP Networks
- Intranet IP VPN with IP communications
- Domestic and global IP communications
- PBX and PSTN – E.164 resolution
Many call routing options:
- Private/Public IP address
- DNS and DNS SRV records
- SIP aware NAT/PAT servers
Henry Sinnreich 4/10/2002
[Diagram labels: Customer Premises, PBX, PSTN Phone, Managed Services, Router, Vmail, OSS, SIP Phone, WorldCom PSTN, Dialing Plans, Network GWY, Conf, IM, IN, Enterprise Gateway, SIP Routing, Firewall, SIP Server, IP VPN, Global IP Comm, Intranet IP Comm, …other…, WorldCom Public IP Network]

IP Communications Using IP Networks
- Integration with existing phones
- SIP Capable Firewall: Ingate and Intertex First through SIT
- No IP PBX Needed!
- Enhanced Functionality
[Diagram labels: Customer Premises, Enterprise LAN, PBX, PSTN Phone, Managed Services, Router, Vmail, OSS, SIP Phone, WorldCom PSTN, Dialing Plans, Network GWY, Conf, IM, IN, Enterprise Gateway, SIP Routing, Firewall, SIP Server, IP VPN, Global IP Comm, Intranet IP Comm, …other…, WorldCom Public IP Network]

[Diagram labels: Firewall, Presence, IM, Greenwich Edge Proxy, DMZ, Microsoft Greenwich Home Server: Presence, IM, Audio, Video, Data Col., TLS]

Mixed Environments
SIP capable firewalls make the difference!

Product Examples – Ingate Systems AB
Enterprise Products: Complete Firewalls, Add-on to Existing Firewalls
- Firewall & NAT/PAT
- SIP Proxy
- SIP Registrar
[Diagram labels: DMZ, Existing Firewall, SIParator]

Product Examples – Intertex Data AB
SOHO Products
IX66 Internet Gate with or without ADSL modem built-in
OEM as: Telia SurfinBird Gate, PowerBit SafeGate
Review at:

The Intertex IX66 Internet Gate: A closer look
- Firewall & NAT/PAT Router
- SIP Proxy and Registrar
- DHCP Server and Client
- WEB Server for configuration
- Smart Card Reader for security applications
- Optional b Wireless Lan
- SIP Appliance Control, LAC via expansion port
Optional ADSL and Splitter Built-in

SIP Capable Firewalls!
Ingate Systems AB, Box 10013, Slakthusplan 4, SE Stockholm, Sweden. CEO Olle Westerberg. Tel
Intertex Data AB, Rissneleden 45, SE Sundbyberg, Sweden. President Karl Erik Ståhl. Tel
See us in booth 1 & 2!